BullGuard
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Problems uploading log file
   
BullGuard Antivirus Forum > BullGuard zone > BullGuard Trial users > Problems uploading log file  
Forum Quick Jump
 
New Topic Post reply to : Problems uploading log file Printable version of : Problems uploading log file
[ << Previous Thread | Next Thread >> ]

irvy
New Member


Date Joined Sep 2006
Total Posts : 5
 
   Posted 9/9/2006 4:24 PM (GMT +3)    Quote: Problems uploading log fileAlert an admin about: Problems uploading log file
Hi,
Could you look at my logfile please and tell me how to clean out files. I am still getting virus alerts and as the computer is DEAD slow I fear there may be a trojan too.
Oooops just tried to upload the file but it wont let me.  any suggestions
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 9/10/2006 8:39 AM (GMT +3)    Quote: Problems uploading log fileAlert an admin about: Problems uploading log file
Hi irvy




1. Get newest Hijackthis from http://danborg.org/spy/hjt/alternativ.exe
Another name for Hijackthis exe

2 Install it in a PERMANENT folder! Example : c:\hijackthis\

3 Run hijackthis.  (alternativ exe).

Choose the "Do a system scan and save a log file" option to perform your scan.
HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.
Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.
 
    
     Post hijackthis (alternativ)  log


Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.
Do not PM me with logfiles. They will be deleted
 

Back to Top
 

irvy
New Member


Date Joined Sep 2006
Total Posts : 5
 
   Posted 9/10/2006 2:40 PM (GMT +3)    Quote: Problems uploading log fileAlert an admin about: Problems uploading log file
 
Hi,
Thanks for your response.
I had already downloaded hijackthis and edwido as recommended in another post. I now seem to have another virus/trojan or whatever called winantiviruspro 2006, that has taken over internet explorer and takes me to different web sites when I click on a link my google home page.
Any help would be much appreciated
irvy
 
 
Logfile of HijackThis v1.99.1
Scan saved at 12:33:17, on 10/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\program files\spybot - search & destroy\SpybotSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Irene & John\My Documents\DOWNLOADS\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.targa.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C810298-F94E-4B2F-B1FA-6E3EE5D9612C} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115426152062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151267868812
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} (Bonusprint Image Uploader Version 3.5) - http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader3.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 9/10/2006 4:13 PM (GMT +3)    Quote: Problems uploading log fileAlert an admin about: Problems uploading log file
Please download VirtumundoBeGone http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Save the file to your desktop
Close all running programs (including your Internet Browser)


Read the introductory information, and then click Continue
Click Start
When asked if you want to continue, click Yes to run the fix
Click "Save Log"


Note: It is normal for the the fix to terminate by producing a BLUE SCREEN OF DEATH so don't be concerned when this happens. It requires you to manually reboot to restore your normal windows desktop.
The log created by VirtumundoBeGone called VBG.TXT will be on located on your desktop.


Post VBG Txt log along with fresh hijackthis log and tell how things are running



Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.
Do not PM me with logfiles. They will be deleted
 

Back to Top
 

irvy
New Member


Date Joined Sep 2006
Total Posts : 5
 
   Posted 9/10/2006 5:06 PM (GMT +3)    Quote: Problems uploading log fileAlert an admin about: Problems uploading log file
Hi,
Thanks for getting back to me.,
I did as you suggested and here are the log files - which mean absolutely nothing to me!!!
irvy
 

[09/10/2006, 14:55:57] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Irene & John\My Documents\DOWNLOADS\VirtumundoBeGone.exe" )
[09/10/2006, 14:56:11] - Detected System Information:
[09/10/2006, 14:56:11] -  Windows Version: 5.1.2600, Service Pack 2
[09/10/2006, 14:56:11] -  Current Username: Irene & John (Admin)
[09/10/2006, 14:56:11] -  Windows is in NORMAL mode.
[09/10/2006, 14:56:11] - Searching for Browser Helper Objects:
[09/10/2006, 14:56:11] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[09/10/2006, 14:56:11] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/10/2006, 14:56:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/10/2006, 14:56:11] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/10/2006, 14:56:11] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/10/2006, 14:56:11] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/10/2006, 14:56:11] -  BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/10/2006, 14:56:11] -  BHO 5: {D6A5DB0C-643C-4053-B290-AA421049594B} ()
[09/10/2006, 14:56:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/10/2006, 14:56:11] -  Checking for HKLM\...\Winlogon\Notify\jkhfc
[09/10/2006, 14:56:11] -  Found: HKLM\...\Winlogon\Notify\jkhfc - This is probably Virtumundo.
[09/10/2006, 14:56:11] -  Assigning {D6A5DB0C-643C-4053-B290-AA421049594B} MSEvents Object
[09/10/2006, 14:56:11] - BHO list has been changed! Starting over...
[09/10/2006, 14:56:11] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[09/10/2006, 14:56:11] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/10/2006, 14:56:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/10/2006, 14:56:11] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/10/2006, 14:56:11] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/10/2006, 14:56:11] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/10/2006, 14:56:11] -  BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/10/2006, 14:56:11] -  BHO 5: {D6A5DB0C-643C-4053-B290-AA421049594B} (MSEvents Object)
[09/10/2006, 14:56:11] - ALERT: Found MSEvents Object!
[09/10/2006, 14:56:11] - Finished Searching Browser Helper Objects
[09/10/2006, 14:56:11] - *** Detected MSEvents Object
[09/10/2006, 14:56:11] - Trying to remove MSEvents Object...
[09/10/2006, 14:56:12] -    Terminating Process: IEXPLORE.EXE
[09/10/2006, 14:56:12] -    Terminating Process: RUNDLL32.EXE
[09/10/2006, 14:56:12] -    Disabling Automatic Shell Restart
[09/10/2006, 14:56:12] -    Terminating Process: EXPLORER.EXE
[09/10/2006, 14:56:12] -    Suspending the NT Session Manager System Service
[09/10/2006, 14:56:12] -    Terminating Windows NT Logon/Logoff Manager
[09/10/2006, 14:56:12] -    Re-enabling Automatic Shell Restart
[09/10/2006, 14:56:12] -   File to disable: C:\WINDOWS\system32\jkhfc.dll
[09/10/2006, 14:56:12] -  Renaming C:\WINDOWS\system32\jkhfc.dll -> C:\WINDOWS\system32\jkhfc.dll.vir
[09/10/2006, 14:56:13] -  File successfully renamed!
[09/10/2006, 14:56:13] -   Removing HKLM\...\Browser Helper Objects\{D6A5DB0C-643C-4053-B290-AA421049594B}
[09/10/2006, 14:56:13] -   Removing HKCR\CLSID\{D6A5DB0C-643C-4053-B290-AA421049594B}
[09/10/2006, 14:56:13] -   Adding Kill Bit for ActiveX for GUID: {D6A5DB0C-643C-4053-B290-AA421049594B}
[09/10/2006, 14:56:13] -   Deleting ATLEvents/MSEvents Registry entries
[09/10/2006, 14:56:13] -   Removing HKLM\...\Winlogon\Notify\jkhfc
[09/10/2006, 14:56:13] - Searching for Browser Helper Objects:
[09/10/2006, 14:56:13] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[09/10/2006, 14:56:13] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/10/2006, 14:56:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/10/2006, 14:56:13] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/10/2006, 14:56:13] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/10/2006, 14:56:13] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/10/2006, 14:56:13] -  BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/10/2006, 14:56:13] - Finished Searching Browser Helper Objects
[09/10/2006, 14:56:13] - Finishing up...
[09/10/2006, 14:56:13] - A restart is needed.
[09/10/2006, 14:56:29] - Attempting to Restart via STOP error (Blue Screen!)
 
 
Logfile of HijackThis v1.99.1
Scan saved at 15:01:37, on 10/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.targa.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115426152062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151267868812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} (Bonusprint Image Uploader Version 3.5) - http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader3.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
SmitFraudFix v2.85
Scan done at 13:49:40.28, 10/09/2006
Run from
C:\Documents and Settings\Irene & John\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\IRENE

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
 

Incident                                                                        Status                        Location                                                                                                                                                                                                                                                       
Spyware:Cookie/RealMedia                                                        Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@247realmedia[1].txt                                                                                                                                                                                
Spyware:Cookie/YieldManager                                                     Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@ad.yieldmanager[2].txt                                                                                                                                                                             
Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@atdmt[2].txt                                                                                                                                                                                       
Spyware:Cookie/Doubleclick                                                      Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@doubleclick[1].txt                                                                                                                                                                                 
Spyware:Cookie/FastClick                                                        Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@fastclick[2].txt                                                                                                                                                                                   
Spyware:Cookie/Hitbox                                                           Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@hitbox[2].txt                                                                                                                                                                                      
Spyware:Cookie/Mediaplex                                                        Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@mediaplex[1].txt                                                                                                                                                                                   
Spyware:Cookie/Statcounter                                                      Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@statcounter[1].txt                                                                                                                                                                                 
Spyware:Cookie/Reliablestats                                                    Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@stats1.reliablestats[1].txt                                                                                                                                                                        
Spyware:Cookie/Toplist                                                          Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@toplist[1].txt                                                                                                                                                                                     
Spyware:Cookie/Tribalfusion                                                     Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@tribalfusion[1].txt                                                                                                                                                                                
Spyware:Cookie/Xiti                                                             Not disinfected               C:\Documents and Settings\Irene & John\Cookies\irene & john@xiti[1].txt                                                                                                                                                                                        
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Irene & John\Desktop\SmitfraudFix\Process.exe                                                                                                                                                                                        
Adware:Adware/AdvertMem                                                         Not disinfected               C:\Documents and Settings\Irene & John\Incomplete\T-512213-_better version_ oh its such a perfect day 44.rar[setup.exe]                                                                                                                                        
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Irene & John\My Documents\DOWNLOADS\SmitfraudFix.zip[SmitfraudFix/Process.exe]                                                                                                                                                       
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 9/10/2006 6:40 PM (GMT +3)    Quote: Problems uploading log fileAlert an admin about: Problems uploading log file
It looks better to me smile
 
 
 
 Please download free  Trial of Superantispyware
http://www.superantispyware.com/superantispywarefreevspro.html
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.
close the program
 

Download and install: 
http://www.filehippo.com/download_ccleaner/
For a basic version of CCleaner with no Yahoo Toolbar, select the second or third install option as follows:
Even if you selected Option 2 or 3, if you do not want the Yahoo Toolbar installed:
Uncheck "Add CCleaner Yahoo! Toolbar", as it is checked by default during CCleaner Setup

 
 
 
 You may want to print this or save it to notepad as we will go to safe mode.
   
 
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
 
 
Reboot into Safe  Mode   by tapping F8 after the BIOS has loaded.
The Windows Advanced Options Menu appears.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
 
Delete:
 
Folders:
C:\Program Files\TClockEx\TCLOCKEX.EXE
 
 
 
Open Ccleaner.
1. Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
2. A pop up box will appear advising this process will permanently delete files from your system.
3. Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer". Deleting cookies will require re-entry of user names and passwords on next visit to sites that require users log in.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.
In the Applications Tab:
Clean all (optionally, except cookies) in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
4. Then click the "Run Cleaner" button and it will scan and clean your system. Click exit.
 
 

 
 
 
Start Superantispyware/rightclick on the black/yellow bug in tray.
Hit - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next
it will scan now. When scan have finished, put a checkmark with  all items it found. Next, after cleaning, let it Reboot
 
 
Next go to Start- Search and scrolldown using the scroll bar on the right. Go down to More advanced options and click.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
And Find:
superantispyware log
 
 
Post this log along with fresh hijackthis log and tell how things are running
 


Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.
Do not PM me with logfiles. They will be deleted
 

Back to Top
 

irvy
New Member


Date Joined Sep 2006
Total Posts : 5
 
   Posted 9/10/2006 8:21 PM (GMT +3)    Quote: Problems uploading log fileAlert an admin about: Problems uploading log file
Hi,
I really appreciate your help with this. You must let me know how I can make a donation to your site.
I did as you suggested and here are the log files.
 
Logfile of HijackThis v1.99.1
Scan saved at 18:15:43, on 10/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.targa.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &eBay Search - res://c:\program files\ebay\ebay toolbar2\ebaytb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115426152062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151267868812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} (Bonusprint Image Uploader Version 3.5) - http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader3.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 
SUPERAntiSpyware Scan Log
Generated 09/10/2006 at 06:05 PM
Core Rules Database Version : 3078
Trace Rules Database Version: 1113
Memory threats detected   : 0
Registry threats detected : 35
File threats detected     : 8
Adware.Tracking Cookie
 C:\Documents and Settings\Irene & John\Cookies\irene & john@xiti[1].txt
 C:\Documents and Settings\Irene & John\Cookies\irene & john@122.2o7[1].txt
 C:\Documents and Settings\Irene & John\Cookies\irene & john@winantivirus[1].txt
 C:\Documents and Settings\Irene & John\Cookies\irene & john@indextools[2].txt
 C:\Documents and Settings\Irene & John\Cookies\irene & john@ad.yieldmanager[1].txt
 C:\Documents and Settings\Irene & John\Cookies\irene & john@1070847646[1].txt
Trojan.WinAntiSpyware/WinAntiVirus 2006
 HKLM\SYSTEM\CurrentControlSet\Services\vspf
 HKLM\SYSTEM\CurrentControlSet\Services\vspf#Type
 HKLM\SYSTEM\CurrentControlSet\Services\vspf#Start
 HKLM\SYSTEM\CurrentControlSet\Services\vspf#ErrorControl
 HKLM\SYSTEM\CurrentControlSet\Services\vspf#Tag
 HKLM\SYSTEM\CurrentControlSet\Services\vspf#ImagePath
 HKLM\SYSTEM\CurrentControlSet\Services\vspf#DisplayName
 HKLM\SYSTEM\CurrentControlSet\Services\vspf#Group
 HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnService
 HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnGroup
 HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security
 HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security#Security
 HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
 HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Type
 HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Start
 HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ErrorControl
 HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Tag
 HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ImagePath
 HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#DisplayName
 HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Group
 HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security
 HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security#Security
Trojan.Unknown Origin
 HKLM\SOFTWARE\Microsoft\MSSMGR
 HKLM\SOFTWARE\Microsoft\MSSMGR#Data
 HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
 HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
 HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
 HKLM\SOFTWARE\Microsoft\MSSMGR#LID
 HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
 HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
 HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
 HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
 HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
 HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
 HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
Adware.Vundo Variant
 C:\WINDOWS\system32\jkhfc.dll.vir
Unclassified.Unknown Origin
 C:\WINDOWS\system32\tuvuvsr.dll
 
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 9/10/2006 8:53 PM (GMT +3)    Quote: Problems uploading log fileAlert an admin about: Problems uploading log file
I appreciate Your offer, but it is a free service smile
 
 
Clean log
 
 
Hide systemfiles again
From Windows Explorer, go to Tools>Folder Options> View tab.
Untick - Show hidden files and folder
Tick - Hide file extensions for known types
Tick - Hide protected operating system files
Click Yes to confirm & then click OK


To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore.
 
I suggest You install these  - ->>

IE-SPYADS | IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of known ad/spy servers and domains to the "Restricted Zone" of Internet Explorer.
 
SpywareBlaster | SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.
 
SpywareGuard | SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
 
 


Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.
Do not PM me with logfiles. They will be deleted
 

Back to Top
 

irvy
New Member


Date Joined Sep 2006
Total Posts : 5
 
   Posted 9/11/2006 1:21 AM (GMT +3)    Quote: Problems uploading log fileAlert an admin about: Problems uploading log file
Hi Touch,
Ever thought of changing your signature to Midas, cos you sure have the Midas Touch!!yeah
Thank you so much for getting my system cleaned out. Hubby uses p.c. for online banking so I have to keep it bug free.
I have downloaded the files you suggested and will be nore vigilant in what I download from the net in future.
Thanks again for all you help. It was very much appreciated.
irvy
Back to Top
 
New Topic Post reply to : Problems uploading log file Printable version of : Problems uploading log file
 
Forum Information
Currently it is Wednesday, September 17, 2014 2:31 AM (GMT +3)
There are a total of 60,601 posts in 13,318 threads.
In the last 3 days there were 2 new threads and 6 reply posts. View Active Threads
Who's Online
This forum has 36360 registered members. Please welcome our newest member, LovelyOne.
3 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Kitchen Cheap Cheshire (0)9/16/2014 3:44:38 PM (LovelyOne)
Unable to access Hotmail or other email providers (0)9/16/2014 2:20:27 PM (Robert Mateescu)
Bullguard 2014 Firewall and high DPC latency (19)9/16/2014 5:21:49 AM (klimek69)
Slow Performance Since Installing Bullguard (3)9/15/2014 12:41:35 PM (Robert Mateescu)